The data protection officer of Chrono24 is contactable at the above address, Attn: Data Protection Department and via .

2.
Collection and storage of personal data and the nature and purpose of its use

a)
When visiting the website

When you visit the Chrono24 website, the browser you are using on your device automatically sends information to the server for our website. This information is temporarily stored in a log file. The following information is automatically collected and subsequently automatically deleted after a period of 20 weeks:

the IP address of the querying computer

the date and time of access

the name and URL of the retrieved file

the website from which access is occurring (referrer URL),

the session ID

the user agent

the browser used and in some cases the operating system of your computer and the name of your access provider.

We process the aforementioned data for the following purposes:

to ensure a trouble-free connection with the website

to ensure convenient use of our website and optimise our platform

to monitor and ensure system security and stability.

to detect and prevent attacks on our website, and

for other internal statistical and administrative purposes.

We never use collected data to reference you as a person. In the event of an attack on our network infrastructure however, your IP address will be identified in order to assert or defend against legal claims.

We also use cookies and analytics services when you visit our website. For further details see points 5. and 6. of this Data Protection Policy.

b)
Registering as a user on our platform

Buyers, private sellers and commercial merchants can create a user account on our platform. The mandatory data required to set up a user account must be entered under i), ii) and iii). This data is processed

to identify you as our contract partner

to enter into, structure, execute and amend contracts with you governing the use of our platform and services offered thereupon

to assess the plausibility of the data entered

to contact you as necessary for with any questions, and

to assert any claims against you as necessary.

The data specified under points i), ii) and iii) are processed upon your placement of an inquiry for the purposes outlined above and are required for use of the platform in accordance with Article 6 para. 1 sentence 1 item b of the GDPR, and thus required for fulfilment of the contract and of pre-contractual actions.

You may have the option of providing voluntary information/data depending on the type of user account. We process voluntarily provided information/data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. This information/data is used to facilitate contact with you and ensure rapid clarification of any questions.

After deletion of your user account your data are automatically deleted to prevent further use unless, in accordance with Article 6 para. 1 sentence 1 item c GDPR, it must be stored for a longer period of time pursuant to retention and documentation requirements under tax or commercial code (HGB, StGB, AO), or if you have consented to storage for a longer period of time in line with Article 6 para. 1 sentence 1 item a GDPR.

i)
myChrono24 user accounts

The following mandatory data must be entered to register as a user (buyer) and set up a user account:

a valid email address

a password of your choice.

These constitute the login data for your user account.

You can also provide this voluntary user data:

Your first and last name

A profile picture

Your address (street, post code, city/town, country)

Your phone number.

ii)
Private sellers

To place sale offers as a private seller you must first have a user account (see i)). To place a sale offer on the platform you must enter the following data:

Your first and last name

Your address (street, post code, city/town, country)

Your phone number.

iii)
Merchants

The following data must be entered to register as a commercial merchant:

Your company name

A contact person (first and last name)

Your company address (street, post code, city/town, country)

A phone number

A valid e-mail address

A username of your choice

A password of your choice.

You can also provide this voluntary user data:

Your fax number

A mobile phone number

An internet address.

c)
Using our internal messaging-tool

As a registered user you have the option to communicate with us or a merchant / private seller via an internal messaging tool provided on the website. To use the internal messaging tools, registration is required (see 2. b) ).

When you use our internal messaging tool, we will automatically and manually scan and analyze your sent messages. This is done for the purposes of

fraud prevention,

detection of unlawful acts and violations of our Terms and Conditions, as well as

to improve communication and customer service.

We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. Data processing for the aforementioned purposes is a recognised legitimate interest in accordance with the GDPR.

You can manage your sent and received messages by yourself and delete them on request. In the event of an attempted fraud, an unlawful act or breach of the General Terms and Conditions, we may store the appropriate messages even after request for deletion on the bases of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 item f GDPR in order to assert or defend against claims or exercise legal rights.

d)
Automated customer profile creation

We create a customer profile for your user account in order for you to use our platform as a registered user/merchant. We categorise your customer profile and supplement it with additional data so that you only receive information likely to be of interest to you. To do so we utilise this data:

Statistics (such as on the manner, frequency and intensity of use of the website), and

Your history of retrieved offers, manufacturer brands and sellers.

We process the aforementioned data for the following purposes:

For statistical evaluation

For market research

To ensure smooth functioning of the platform and to design the platform around user needs

To personalise our services, and

To deliver advertising to you which is exclusively targeted to your actual or predicted needs so as to eliminate irrelevant advertising.

We process data in accordance with our legitimate interests in line with Article 6 para. 1 sentence 1 item f GDPR. Data processing for the aforementioned purposes is a recognised legitimate interest in accordance with the GDPR.

You may file objection to the creation of a user profile and/or the evaluation and personalisation of our services or advertising at any time by clicking on this link, in which case processing will be stopped and your user profile will be immediately deleted unless you have consented to longer data retention per Article 6 para. 1 sentence 1 item a GDPR.

You may alternatively file objection at any time via e-mail to .

e)
Using the Trusted Checkout service

To pursue and conclude sales contracts with merchants via our Trusted Checkout service you must first have a user account (see item 2.b)i) ). The following data must also be provided, without exception:

Your first and last name

Your address (street, post code, city/town, country)

Your phone number.

We process the aforementioned data for the following purposes:

To check and identify the contract partner of the merchant

To facilitate the conclusion, structuring and execution of purchase contracts, and

to contact you as necessary for with any questions.

When you place a purchase inquiry with a merchant or conclude a purchase agreement with that merchant, we transfer your personal data to the merchant for the purposes outlined above.

Your data as specified above is processed upon your placement of an inquiry for the purposes outlined above and is required for use of the platform in accordance with Article 6 para. 1 sentence 1 item b of the GDPR, and thus required for fulfilment of the contract and of pre-contractual actions.

f)
Registering for our newsletter

We use your e-mail address to send you our personalised regular newsletter if you have expressly consented thereto in accordance with Article 6 para. 1 sentence 1 item a GDPR. To receive the newsletter it suffices to provide your e-mail address.

To receive more personalised newsletter content you can create a customer profile about you based on your collected personal data. This data relates to personal preferences such as product affinities observed on the basis of orders, interests, purchase decisions, preferred shopping time, etc. and is automatically processed and analysed so that relevant offers are predicted for you. Profiling may also be performed without consent on the basis of Article 6 para. 1 item f GDPR given a legitimate interest (see item 2.c) ).

We may also use your e-mail address without your express consent to send you information about similar products of our company if you are an existing customer and have not objected to the use of your e-mail address. Processing for purposes of marketing to existing customers is done on the basis of our legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR. Processing of your e-mail address for the purpose of direct marketing is a statutorily recognised interest under the GDPR.

In either case you can unsubscribe at any time, such as via link at the end of each newsletter. Alternatively, you can unsubscribe at any time by e-mail to .

g)
Using our contact form

You can use a form provided on the website to contact us with questions or contact a merchant or private seller. If you wish ask your question to a merchant or private seller, we forward your contact inquiry to them. For the use of the contact form, the following data is required, without exception:

a valid e-mail address and

Your specific question or message.

We process the aforementioned data for the following purposes:

to identify you

to answer your question, and

for forwarding to the relevant merchant or private seller as necessary.

Additionally, you can voluntarily provide your name and telephone number to enable quicker contact.

When you use our contact form, we may scan and analyse your message. This is done for fraud prevention purposes and to generally improve communication and customer service.

Data is processed upon placement of your inquiry, and such processing is required for the above purposes to fulfil the contract and pre-contractual actions in accordance with Article 6 para. 1 p. 1 item b GDPR. Data from contact inquiries is also processed on the basis of our legitimate interests per Article 6 para. 1 sentence 1 item f GDPR. These interests proceed from the aforementioned purposes.

Personal data we collect when you use the contact form is automatically deleted upon completion of your inquiry.

h)
When submitting a comment in our magazine

You can post a comment on articles in the magazine at https://www.chrono24.jp/magazine/. The following data must be provided, without exception in order to post a comment:

Your name

a valid e-mail address

the comment.

Posting comments on articles is voluntary. We utilise your personal data to publish your comments and allow other users to respond to them. We require your e-mail address to contact you and pursue any legal violations.

i)
Customer ratings via Trustpilot

Your opinion about our products and our service is important to us. We therefore offer you the option of submitting a rating about our platform via Trustpilot A/S's rating service at www.trustpilot.com
(Pilestræde 58, 3rd floor, 1112 Copenhagen K, Denmark, hereinafter "Trustpilot"). If you submit a rating, it will be published on our website and on the Trustpilot website. We however reserve the right to delete or not publish the rating.

Upon successful completion of a purchase, you will receive an email from us requesting you to rate our platform and our service. The email will contain a "Business Generated Link" from Trustpilot that will allow you to access Trustpilot and submit a rating regarding your transaction. The "Business Generated Link" will include your first and last name, your country of origin (for example, Germany), your email address and the transaction ID. After you click on the link, your personal information will be transmitted to Trustpilot, so that we can assign your rating to your purchase and ensure the rating's authenticity.

We have signed a data processing agreement with Trustpilot for the use of the rating service. With this agreement, Trustpilot ensures that they process data in accordance with the General Data Protection Regulation and ensure the protection of the data subject's rights.

Ratings submitted directly to Trustpilot can also be published on our website, provided that we were able to ensure the rating's authenticity.

Data processing as part of customer rating via Trustpilot takes place on the basis of our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. By doing so, we want to ensure the needs-based design and optimisation of our website.

For more details on the purpose and scope of data processing by Trustpilot, please refer to Trustpilot's Privacy Policy
.

disclosure is required pursuant to Article 6 para. 1 sentence 1 item f GDPR in order to assert or defend against claims or exercise legal rights and there are no grounds to assume that you have a prevailing legitimate interest in non-disclosure of your data.

4.
Visibility of your data to third parties

a)
As user and private seller

Personal data stored in connection with your user account (myChrono24, see items 2.b) i) and ii) ) cannot be viewed by third parties unless you have published offers on the platform. When you publish an offer on the platform as a private seller, registered and unregistered users will only be able to see your provider data on the platform if have expressly consented to their publishing in accordance with Article 6 para. 1 sentence 1 item a GDPR.

b)
As merchant

If you are registered as a merchant and publish offers on the platform, registered and unregistered users can view your provider data on the platform (as per item 2.b) iii)). You can restrict the visibility of your data during registration so that your address is not displayed, and thereafter in your profile settings.

The publication of the merchant data is required to fulfil and execute the contract between Chrono24 and the merchant as part of use of the platform in accordance with Article 6 para. 1 sentence 1 item b GDPR.

5.
Cookies and pixels

We utilise ‘cookies’ and ‘pixels’ or ‘tracking pixels’ on our website to record statistics on website usage and evaluate these for the purpose of optimising our offering (see item b).). These enable us to automatically recognise you have previously visited our website when you revisit it.

Your data are processed using cookies and pixels for the purposes specified above on the basis of our legitimate interests and those of third parties, in line with Article 6 para. 1 sentence 1 item f GDPR, according to which these interests qualify as legitimate.

a)
Cookies

Cookies are small files automatically created by your browser which are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device and do not contain viruses, Trojans or other malicious software.

Cookies store data about the specific device used for the respective website visit. This does not mean that we are able to directly discern your identity.

Cookies are in part utilised to enable us to enhance our offer for you. For example, we utilise what are known as ‘session cookies’ to recognise that you have already visited individual pages of our website, or have already logged in to your user account. These cookies are automatically deleted when you leave our website.

We also use temporary cookies which are stored on your device for a specific period of time in order to improve the user experience. When you revisit our site to utilise our services, these automatically register that you have visited before and the entries and settings you have made so that you do not have to re-configure these.

Most browsers are configured by default to accept cookies. You can configure your browser so that cookies are not stored on your computer, or so you receive notification before each new cookie is created. Disabling cookies can however mean that you are unable to utilise some features of our website.

b)
Pixels

Tracking pixels or just ‘pixels’ are small 1x1-pixel GIF files that can be hidden in graphics, e-mails, etc. when visiting a website. Pixels do not harm your device and do not contain viruses, Trojans or other malware.

Pixels send your IP address, the referrer URL of the website visited, the time the pixel was viewed, the browser used, and previously set cookie information to a web server. This enables us measure reach and conduct other statistical analyses for the purpose of optimising our platform and offerings.

Most browsers automatically accept pixels. You can use certain tools and browser add-ons to block the use of pixels on our webpages (like the AdBlock add-on for the Firefox browser).

6.
Analysis tools

a)
Tracking tools

We utilise the tracking tools outlined below on the basis of Article 6 para. 1 sentence 1 item f GDPR. We deploy these tracking tools to optimise our website design on an ongoing basis to better meet user needs. In addition we use tracking tools to record website usage statistics which we analyse in order to optimise our offering for you. These interests qualify as legitimate under the provision cited above.

The data processing purposes and data types are as per the respective tracking tools.

i)
Google Analytics

We utilise Google Analytics, a web analytics service provided by Google LLC.
(1600 Amphitheater Parkway, Mountain View, CA 94043, hereinafter "Google") for the purpose of customising and continuously optimising our webpages. This service involves the creation of pseudonymised usage profiles and use of cookies (see item 5). The information generated by the cookie about your use of this website, such as

Browser type/version

Operating system used

Referrer URL (page last visited)

Host name of accessing computer (IP address)

Server query time

are transmitted to a Google server in the US and stored there. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.

This information is used to analyse use of the website, compile reports on website activity and provide additional services related to website activity and internet usage for the purposes of market research and website design in accordance with user needs. This information may be forwarded to third parties as required by law, and to third parties functioning as data processors. Your IP address will never be compiled with any other data held by Google. IP addresses are anonymised to render cross-referencing impossible (IP masking).

You may refuse to accept cookies by changing the settings on your browser accordingly; in such case however you may not be able to fully utilise the entire range of the features of this website.

You can also block the recording of data generated by the cookie concerning your use of the website (including your IP address) and prevent processing by Google by downloading and installing a browser add-on
.

As an alternative to the browser add-on, particularly for browsers on mobile devices, you can opt out of data collection by Google Analytics by clicking on this link
. An opt-out cookie is set which blocks future collection of your data when visiting this website. The opt-out cookie is stored on your device and is only valid in that browser and for our website. If you delete the cookies for that browser, the opt-out cookie has to be reset.

For more information about privacy related to Google Analytics, see the Google Analytics Help Centre
.

ii)
Google Adwords Conversion Tracking

We utilise Google conversion tracking to record website usage statistics and analyse these for the purpose of optimising our offerings. Google Adwords places a cookie on your computer (see item 5) when you navigate to our website via a Google ad. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.

These cookies expire after 30 days and are not used for personal identification. If a user visits certain pages of the website of the Adwords customer and the cookie has not yet expired, Google and the customer can observe that the user clicked on the ad and was redirected to this page.

Every Adwords customer receives a different cookie. Cookies thus cannot be tracked via the websites of Adwords customers. Information obtained via conversion cookie is used to prepare conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers receive information on the total number of users who have clicked on their ad and were redirected to a page bearing a conversion tracking tag. They do not however receive any information with which the user can be personally identified.

If you wish to opt out of tracking you can reject cookie placement, for example by configuring your browser to disable the automatic placement of any cookies. You can also disable conversion tracking cookies by configuring your browser to block cookies at "www.googleadservices.com". The Google conversion tracking privacy policy can be found here
.

iii)
VWO (Visual Web Optimiser)

We utilise VWO, which is a web analysis service provided by Wingify Software Pft. Ltd.
that enables us to run A/B and multivariate testing
allowing us to determine which version of our website users prefer. VWO involves the use of cookies (see item 5) which store your IP address among other data. This is anonymised by VWO before transmission to a server in India. VWO does not store or process any attributes identifying a person in doing so.

You can disable collection and processing of your website usage data by VWO at any time with non-retrospective effect. An opt-out cookie
is utilised for this which contains the data you do not want VWO to collect. The data is not disclosed to third parties unless there is a legal obligation to do so or the third parties have been commissioned as data processor (such as a data centre).

See the VWO data privacy policy
for further information on data protection and how the service works.

iv)
Hotjar

We use the Hotjar analytics service (3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe) on our website. Hotjar is a tool for studying user behaviour that enables us to measure and evaluate the behaviour of visitors to our website (such as mouse movement, clicks and scroll height).

Hotjar places cookies for this purpose (see item 5) on the devices of site visitors which can store their browser information, operating system, data on time spent on the site, etc. in anonymised form.

You can prevent Hotjar from processing such data by disabling use of cookies via your web browser settings and deleting active cookies already placed. Another way to prevent data processing by Hotjar is to enable the "Do-Not-Track" function in your browser. The procedure for doing so can be found here
.

v)
Bing Ads

We utilise Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service of the Microsoft Corporation ("Microsoft") that allows us to track user activity on our website when the user navigates to our website via Bing Ads advertisements.

A cookie is placed on your computer when you visit our website via a Bing Ads ad, (see item 5). A Bing UET tag is integrated into our website. This tag is a code which in combination with the cookie stores certain non-personally data about your use of the site. This includes the time spent visiting the website, the areas of the website that were visited and the ads via which the user navigated to the website. Information about your identity is not collected.

This information is transmitted to Microsoft servers in the US and stored there for a maximum 180 days. Microsoft is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy.

For more information on Bing analytics services, visit the Bing
website.

See the Microsoft Data Privacy Policies for further information about data protection at Microsoft
.

vi)
MaxMind

For fraud prevention purposes we transmit your IP address and data about the device used to the service provider MaxMind, Inc. (14 Spring Street, 3rd Floor Waltham, MA 02451, USA, hereinafter "MaxMind"). Your data is transmitted to a MaxMind server in the US and stored there. MaxMind is subject to the EU-US Privacy Shield, which guarantees an appropriate level of privacy. We use this service to receive statistical analysis of IP addresses, devices and locations which we utilise to detect and prevent fraud.

Your data is processed exclusively for this purpose. This data is deleted when you end usage. Further information on data protection in connection with MaxMind can be found here
.

You can prevent geolocalisation by blocking the placement of cookies by changing the settings on your browser accordingly; in such case however you may not be able to fully utilise the entire range of the features of this website.

vii)
Crashlytics

Our mobile app uses crashlytics analysis software of Google Ireland Limited with registered office at Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Crashlytics"). Crashlytics collects app usage data specifically relevant to system crashes and errors. Data is gathered about the device and app version installed as well as other information which facilitates troubleshooting, such as data relating to the user's software and hardware. For further information see the Crashlytics Data Protection Policy: https://try.crashlytics.com/terms/privacy-policy.pdf
.

You can opt out of the use of Crashlytics in the privacy settings of our Mobile App.

b)
Targeting tools

We utilise the targeting tools outlined below on the basis of Article 6 para. 1 sentence 1 item f GDPR. Targeting tools are used to ensure that all advertising displayed on your devices is based on your actual or predicted interests. These interests qualify as legitimate under the provision cited above.

See the sections on the respective tracking tools regarding their data processing purposes and data types.

i)
Google Adwords remarketing

We utilise Google Remarketing Tags, which are a service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter "Google"). Google utilises ‘cookies’ (see item 5), which are text files stored on your computer allowing analysis of your website usage. The information generated by the cookie about your use of this website (including your IP address) is sent to a Google server in the US and stored there. Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.

Google then removes the last three digits of the IP address, rendering definite cross-referencing of the IP address impossible. Google will use this information to evaluate your use of the website, compile reports on website activity for website operators and provide other website and internet usage-related services.

Google may furthermore forward this information to third parties as required by law, and to third parties processing this data on Google's behalf. Third parties, including Google, place ads on internet websites. Third parties, including Google, utilise stored cookies to serve ads based on data from previous visits to the site by a user. Google will never associate your IP address with any other data held by Google. You may revoke permission for data collection and storage at any time with non-retrospective effect. You can disable the use of cookies by Google by visiting the page to disable Google advertising.

Please be advised however that you may not be able to utilise all functionalities of this website in such case. By using this site, you consent to Google processing data gathered about you in the manner and for the purpose outlined above. Further information about Google policies can be found here
.

ii)
Google Double Click

Cookies are used on our website to collect and evaluate data for the purpose of optimising advertising (see item 5). For this we use targeting technologies of Google Inc. (Double Click, Double Click Exchange Buyer, Double Click Bid Manager). These technologies enable us to serve advertising to you in targeted fashion based around your interests. The cookies are used, for example, to record information about which of our products you are interested in. Using this information we can market offers to you on our website or third-party websites which are oriented around your specific interests as predicted based on your historical user behaviour. Data collected and evaluated pertaining to your user behaviour exclusively on a pseudonymous basis so that it is not possible for us to identify you. In particular, this data is not merged with personal data about you.

Google is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.

The cookie is automatically deleted after 30 days.

You can also configure setting for the display of interest-based advertising via the Google
Ads Settings Manager.

See the Google Data Protection Policy and Terms of Use
for further information on data protection respecting advertising and Google.

iii)
Facebook Custom Audiences

We utilise Facebook Website Custom Audiences, a service of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). This Facebook marketing service allows us to display personalised and interest-based advertising on Facebook for particular groups of pseudonymised visitors to our website who use Facebook.

A Facebook custom audience pixel is integrated on our website. This is a Java Script code which stores non-personal data about your usage the website. This data includes your IP address, the browser you are using, and the referring and destination pages. This data is transmitted to Facebook servers in the United States. Facebook is subject to the EU-US Privacy Shield, which guarantees an appropriate level of data privacy.

In an automated process there it is checked whether you have a Facebook cookie stored. The Facebook cookie automatically determines whether you belong to the target group relevant for us. If you belong to the target group, we then show you relevant ads of ours on Facebook. In this process, you are not personally identified, either by us or by Facebook.

You can opt out of use of the Custom Audiences service on the Facebook
website. After logging in to your Facebook account, go to the Facebook ads settings.

See the Facebook privacy policy for more information on data protection at Facebook
.

iv)
Criteo

This website utilises technologies of Criteo SA (32 Rue Blanche, 75009 Paris, France) to collect and store data for marketing and optimisation purposes. We determine the purposes and means of processing jointly with Criteo, and thus are jointly responsible for processing as controller.

Criteo technologies enable us to evaluate our advertising campaigns and content. This data can be utilised to create a usage profile under a pseudonym. Cookies are employed for this purpose. Data collected using the Criteo technology are not used to personally identify visitors to this website and are not merged with personal data about the pseudonym bearer without the specific consent of the data subject. Criteo analyses browsing behaviour using an algorithm to then display targeted product recommendations via personalised advertising banners on other websites (‘publishers’). The data is not otherwise used or forwarded to third parties. See the Criteo Privacy Policy
for further information about Criteo technology.

When Criteo is used, additional pixels of partners of Criteo are loaded as well. An overview of all publishers and networks that load pixels is provided here
.

You can opt out of pseudonymous analysis of your browsing behaviour at any time via us. See the Criteo link
below for instructions on disabling the Criteo service.

Please be advised that if you opt out of displaying personalised ads from Criteo and other advertising affiliates, you will still receive advertisements but these will be less tailored to your interests and browsing behaviour.

v)
CrossEngage

Information about your user behaviour on our website is collected and evaluated via cookies on our website (see paragraph 5) by our service provider CrossEngage GmbH (Bertha-Benz-Strasse 5, 10557 Berlin). This allows us to tailor our marketing activities around your actual or predicted interests and display ads on other websites or advertising channels.

If you do not consent you can opt out of such collection and use with non-retrospective effect by e-mail notification to optout@crossengage.io. Further information on data protection in connection with CrossEngage can be found here
.

7.
Social Media Plug-ins

We utilise social plug-ins of the social media networks Facebook, Twitter, Google+ and Instagram to promote our company on our website on the basis of Article 6 para. 1 sentence 1 item f GDPR. This promotional purpose is a legitimate interest within the meaning of the GDPR. The respective providers are responsible for ensuring operation in conformance with data protection laws.

The social media buttons are integrated with a self-developed solution. This solution prevents you from connecting to a social media network just by opening a web page with a social media button on it without pressing the button, i.e. data are not sent to the social media network unless you hit the button.

a)
Facebook

Our platform uses social media plug-ins of Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) to personalise the experience through usage of "LIKE" and "SHARE" buttons. These are a Facebook offering.

When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Facebook servers. The plug-in content is sent by Facebook directly to your browser and integrated into the page.

When a plug-in is integrated, Facebook receives the data the browser you used to access the page of our website in question even if you do not have a Facebook account or are currently not logged in to Facebook. This data (including your IP address) is transmitted by your browser directly to a Facebook server in the US and stored there.

If you are logged into Facebook, Facebook can directly reference your visit to our website your Facebook account. If you interact with a plug-in such as by pressing a "LIKE" or "SHARE" button, the corresponding information data is also transmitted directly to a Facebook server and stored. This data is posted on Facebook and displayed to your Facebook friends.

Facebook can use this data for the purposes of advertising, market research and structuring Facebook pages in line with user needs. This involves Facebook creating user, interest and relationship profiles, for example to evaluate your use of our website in relation to advertisements displayed on Facebook, to inform other Facebook users of your activities on our website and to provide other services related to use of Facebook.

If you do not want Facebook to reference information about you from our website to your Facebook account, you must log out of Facebook before visiting our website.

Please see the Facebook data privacy notices
for information regarding the purpose and scope of data collection, further processing and use of data by Facebook, your data privacy rights and data privacy configuration settings.

b)
Twitter

Plug-ins of the news and social networking firm Twitter International Company (One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland, hereinafter "Twitter") are integrated into our web pages. Twitter plug-ins (Tweet button) bear the Twitter logo, making them identifiable on our website. An overview of Tweet buttons can be found here
.

When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, a direct connection is established between your browser and a Twitter server. Twitter then receives the information that you have visited our page, and your IP address. You can link content from our webpages with your Twitter account by clicking on the Twitter "Tweet" button while logged into your Twitter account. This enables Twitter to cross-reference your visit to our webpages to your user account. Please note that as website provider we have no knowledge of the content of the data transmitted or regarding its use by Twitter.

You should log out of your Twitter account first if you do not want Twitter to be able to cross-reference your visit to our webpages to your Twitter user account.

For further information see the Twitter data privacy policy
.

c)
Google+

Our website uses plug-ins of Google Plus, social media network operated by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA). The plug-ins are recognisable on buttons, for example, by the characters "+1" appearing on a white or coloured background. An overview of Google plug-ins and their appearance can be found here
.

When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Google servers. The plug-in content is sent by Google directly to your browser and integrated into the page. When a plug-in is integrated, Google receives the data the browser you used to access the page of our website in question even if you do not have a Google Plus profile or are currently not logged in to Google Plus. This data (including your IP address) is transmitted by your browser directly to a Google server in the US and stored there. If you are logged in to Google Plus, Google can directly reference your visit to our website to your Google Plus profile.

If you interact with a plug-in such as by pressing a "+1" button, the corresponding information data is also transmitted directly to a Google server and stored. This data is also published on Google Plus and displayed to your contacts there.

Please see the Google data privacy notices
for information regarding the purpose and scope of data collection, further processing and use of data by Google, your data privacy rights and data privacy configuration settings.

If you do not want Google to be able to directly reference data collected about your visit to our website to Google Plus, you must log out of Google Plus before visiting our website. You can use browser add-ons such as NoScript (http://noscript.net/
) to completely block the loading of Google plug-ins.

When you visit a page of our website featuring such a plug-in and you activate that plug-in yourself, your browser establishes a direct connection to Instagram servers. The plug-in content is sent by Instagram directly to your browser and integrated into the page. When a plug-in is integrated, Instagram receives the data the browser you used to access the page of our website in question even if you do not have an Instagram profile or are currently not logged in to Instagram.

This data (including your IP address) is transmitted by your browser directly to an Instagram server in the US and stored there. If you are logged into Instagram, Instagram can directly reference your visit to our website your Instagram account. If you interact with a plug-in such as by pressing an Instagram button, the corresponding information data is also transmitted directly to an Instagram server and stored.

This data is also published on your Instagram account and displayed to your contacts there.

If you do not want Instagram to directly reference information about you from our website to your Instagram account, you must log out of Instagram before visiting our website.

For further information see the Instagram data privacy policy
.

8.
Rights as data subject:

You have the right:

to revoke consent you have granted us at any time in accordance with Article 7 para. 3 GDPR. This applies non-retrospectively, so that without your consent we are no longer allowed to process data thereafter

to request information about the personal data of yours which we are processing in accordance with Article 15 GDPR. In particular, you are entitled to receive information about the processing purposes, the types of personal data, the types of recipients to whom your data has been disclosed, the intended storage retention period, about your rights to demand correction, deletion, processing restriction and to file objection, about your complaint rights, the source of your data if not collected by us, and whether automated decision-making is utilised, including profiling, along with relevant details as appropriate

to demand the correction of incorrect personal data and the addition of incomplete personal data we have stored, in line with Article 16 GDPR

to demand the deletion of your personal data stored by us, except if processing is necessary to exercise freedom of expression speech and information rights, to fulfil a legal obligation, for reasons of public interest or to assert or defend against legal claims or exercise rights, in line with Article 17 GDPR

to demand the restriction of your personal data from processing in accordance with Article 18 GDPR if you dispute the correctness of the data or processing is unlawful but you reject its deletion and we no longer need the data yet you require the data in order to assert or defend against legal claims or exercise rights, or if you have filed objection to processing in accordance with Article 21 GDPR

to receive your personal data from us in a commonly used, structured, machine-readable format, and to request such to be sent to a different data controller in line with Article 20 GDPR

to lodge complaint with a supervisory authority in line with Article 77 GDPR. Generally you should contact the supervisory authority for your primary place of residence, your place of work or our company headquarters.

9.
Right to file objection

If your personal data are processed on the basis of on legitimate interests in accordance with Article 6 para. 1 sentence 1 item f GDPR, you have the right to file an objection against the processing of your personal data pursuant to Article 21 GDPR given reasons for doing so which pertain to your special circumstances or the objection pertains to direct advertising. In the latter case you enjoy a general right to file objection which we will act upon without your having to outline any special circumstances.

To exercise your right to file objection it suffices to send a corresponding e-mail to .

10.
Data security

We utilise the widely used TLS (Transport Layer Security) method for our website in combination with the highest level of encryption supported by your browser. TLS is a secure and proven standard utilised in online banking, for example. A secure TLS connection is indicated among other things by the letter ‘s’ appended on the ‘http’ (i.e. https://..) in the address bar of your browser, and by a lock icon appearing at the bottom of your browser.

We furthermore implement appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction and unauthorised access by third parties. The security measures we implement are continuously upgraded to remain in line with technological progress.

If you register with us as a user, you can only access your user account after entering your personal password. You should always keep your access data confidential and close the browser window when you have finished communicating with us, especially if you share your computer with others.

We take company-internal data protection very seriously as well. We bind our staff and commissioned service provider firms to uphold confidentiality and comply with data protection regulations.

11.
Version of and changes to this Data Protection Policy

This Data Protection Policy is the latest, valid version, last updated in May 2018.

Changes to our website and offers marketed via the website and changes in legal or regulatory requirements may necessitate updating of this Data Protection Policy. You can view and print out the latest updated version of this Data Protection Policy at any time on the website